Is there a reason to Unlink DeviceID after a recoverable has been Linked?

After many many iterations of login flow I have one last question:

Is there a reason to Unlink DeviceID after a recoverable (Google, Facebook, GameCenter) has been Linked?

I currently check at game startup if there is a Playprefs "AuthType" stored. I have five senarios:

= None or "null"

= DeviceID

= Google

= GameCenter *not currently used

= Facebook *not currently used

After senario 3 - 5 are logged in via CA = false (happens to be silent after first login) should I be Unlinking DeviceID (Android, IOS)??? The flow at links 1 - 2 below suggest this is what should be done.

I understand the reason to first login a device with senario 2 (origination for segmentaion of device type). Is that still a valid reason to login with DeviceID other than frictionless startup of a new player?

1 Reply

Continuing to use Device ID for login subsequently is specifically to minimize the friction in the player experience. In general, we do recommend keeping the Device ID on the account, though it's really your call if you want to keep it. Some things to note would be:

1) The Device ID is less secure, since it isn't a token- or password-secured login, but in general this is relatively low risk, as modern devices have sufficiently complex IDs.

2) Some functionality, like using the friends list in Facebook, requires that the player have a current token for that service in PlayFab (so that we can make calls on their behalf). So for scenarios like that, you'd want to make sure you are checking and updating the login for that specific platform when you need to use those features.

In practice when loging into Google, the second login seems to be cached somehow (Google side?) and the login is silent other than the small notification that slides down and says user logged into PlayGames.

Yes, depending on the specific provider, there may or may not be anything required of the user on subsequent logins. Depending on the platform, they may timeout this "permission" after some time, requiring the user to re-confirm. And, of course, we don't really have any way to control that, or whether they choose to change it in future. So we tend to index on keeping the Device ID in our feedback, but your mileage may vary. :)

So, in the case that I want to use Googles built-in "Achievements" and Facebooks "Friends Lists" and "Push Notifications", but I want to use DeviceID as the primary login I am not sure how I can use all the different services while logged in using DeviceID.

Once Google and Facebook would be Linked to the account, does PlayFab retain the info needed to use each service or do I need to capture it and save it locally or in InternalData for instance? OR do I need to request a token for each when trying to access a service feature? I'm still a bit confused I guess.

That's what I was referring to in my previous post. It is not possible for us to have a token which would give PlayFab an unlimited time period where we could make calls to those services on behalf of the user - having such a token would be a serious security issue for those platforms. But specific to your question:

We are not integrated with Google Achievements or Facebook Push. We have our own Push service, and it's fairly simple to build Achievements in PlayFab (and we'll be making that easier).

Using Facebook friends requires that we have a non-expired token for the user. If you set IncludeFacebookFriends to true, and you get back FacebookAPIError, you should go through the process of logging in the user with their Facebook credentials again, to get us a new token.

Your answer

Hint: You can notify a user about this post by typing @username

Attachments:
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.